Техническая информация
Для обеспечения автозапуска и распространения:
Модифицирует следующие ключи реестра:
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'lXIiaGfXeWxZIZisNWjoSbhOfx' = '<SYSTEM32>\cuPjPFTDUzp_pN.exe'
Создает или изменяет следующие файлы:
- %HOMEPATH%\Start Menu\Programs\Startup\System Check.lnk
Вредоносные функции:
Внедряет код в
следующие системные процессы:
- %WINDIR%\Explorer.EXE
Изменения в файловой системе:
Создает следующие файлы:
- <SYSTEM32>\cuPjPFTDUzp_pN.exe
Сетевая активность:
Подключается к:
- 'bk####aejarpim.in':80
- 'ul####mnudvwbl.cc':80
- 'ck####mdwrvobp.tw':80
- 'dd####lubmchrq.tw':80
- 'dw####iaafkevp.net':80
- 'ga####ersqjrwm.com':80
- 'hm####thkidmru.net':80
- 'sl####hsnblykd.tw':80
- 'ou####xtoetfid.net':80
- 'io####cnkfrslf.net':80
- 'yy####sppgtpei.com':80
- 'ov####twtdgcpv.in':80
- 'ts####maclffxe.cc':80
- 'qy####nvtqwefc.cc':80
- 'jy####sdfnorsd.cc':80
- 'gb####gupmlane.tw':80
- 'md####fcrlkdhp.net':80
- 'rs####wgnnubgn.net':80
- 'am####xdljbyco.com':80
- 'yf####kguyqidv.in':80
- 'gy####sdoiaqvd.com':80
- 'gr####euipovfp.net':80
- 'fo####vxheaqwg.com':80
- 'aj####jpjuiywq.in':80
- 'tp####nxunnirx.in':80
- 'af####umxdsynl.cc':80
- 'ry####jhhdjbwn.tw':80
- 'hd####jfyeumcg.cc':80
- 'lt####qrwqgihq.tw':80
- 'cp####tpjtqhbb.net':80
- 'ye####hobeesdj.net':80
- 'rg####cmgrhijx.com':80
- 'vk####ckawfvyf.in':80
- 'jx####cribckcb.com':80
- 'ru####svlqdxht.net':80
- 'lv####iijhebtq.com':80
- 'px####uocfdhua.in':80
- 'fv####swqyxqpw.in':80
- 'wy####puyhhtnm.cc':80
- 'uo####oktmoujn.tw':80
- 'gy####xpdyjlka.tw':80
- 'kl####cmoanrqq.tw':80
- 'lj####fiqcpakv.net':80
- 'ug####wvbercvx.com':80
- 'im####dwmgouma.com':80
- 'ff####mmwpdcql.in':80
- 'ep####tycxwroi.cc':80
- 'kl####qgsuqugp.in':80
- 'uv####ntxtfnqx.com':80
- 'lf####xvmobevb.in':80
- 'jh####ysjxykpe.cc':80
- 'rt####ynasfejr.cc':80
- 'cb####nmhehtpv.tw':80
- 'jn####auphpuvu.net':80
- 'fb####rvfxbuar.tw':80
- 'lk####eybvyxyk.net':80
- 'aa####ckfumfhf.com':80
- 'si####nywpufum.com':80
- 'vg####rqpcafyx.in':80
- 'cd####epukuabu.cc':80
- 'ut####iuslnapl.in':80
- 'tg####sysciggp.com':80
- 'vl####puuditbu.in':80
- 'eo####bdtewfdp.cc':80
- 'ho####jlwevhav.cc':80
- 'kq####twctrcwi.tw':80
- 'so####gmlgvgdi.net':80
- 'au####jepirhpc.net':80
- 'tc####mvlnvgik.net':80
- 'wf####ldxdkimq.com':80
- 'iu####ackstduk.in':80
- 'xd####immcbbyb.in':80
- 'dg####onyqxgep.cc':80
- 'ec####itbvsqcw.tw':80
- 'cg####deltdfao.cc':80
- 'rj####qqpaqtmu.in':80
- 'kq####ifcmslmy.cc':80
- 'bf####rtpcfyqb.tw':80
- 'lu####nlrnjlkq.tw':80
- 'fo####dxuuhwmv.net':80
- 'fh####ghfjvfri.com':80
- 'nn####aqiussay.net':80
- 'tr####wfticukv.com':80
- 'ek####phvenngl.in':80
- 'gd####xwmnvcew.in':80
- 'av####ttogpdhh.cc':80
- 'lv####bgqccglj.tw':80
- 'lp####dfojknuk.cc':80
- 'nx####sqpgplwe.in':80
- 'ap####bfuivxxe.cc':80
- 'sr####xebaffhv.tw':80
- 'lw####ixshjaig.tw':80
- 'kg####hlryfyoe.net':80
- 'mk####cpohadtl.com':80
- 'kk####rwcevfes.com':80
- 'dy####nbcikfeb.in':80
- 'qs####lbawfsfy.cc':80
- 'vo####roxqouiw.tw':80
- 'at####mwqmfqav.tw':80
- 'fi####ycsbfnum.net':80
- 'we####eesfeukd.com':80
- 'xv####bnobebqs.net':80
- 'dl####wfuvxedk.tw':80
- 'aw####qlipdead.net':80
- 'nf####khiokgnp.com':80
- 'nq####eikwqkup.com':80
- 'su####ykhykrjo.in':80
- 'gw####ppdukokx.cc':80
TCP:
Запросы HTTP POST:
- bk####aejarpim.in/
- ul####mnudvwbl.cc/
- ck####mdwrvobp.tw/
- dd####lubmchrq.tw/
- dw####iaafkevp.net/
- ga####ersqjrwm.com/
- hm####thkidmru.net/
- sl####hsnblykd.tw/
- ou####xtoetfid.net/
- io####cnkfrslf.net/
- yy####sppgtpei.com/
- ov####twtdgcpv.in/
- ts####maclffxe.cc/
- qy####nvtqwefc.cc/
- jy####sdfnorsd.cc/
- gb####gupmlane.tw/
- md####fcrlkdhp.net/
- rs####wgnnubgn.net/
- am####xdljbyco.com/
- yf####kguyqidv.in/
- gy####sdoiaqvd.com/
- gr####euipovfp.net/
- fo####vxheaqwg.com/
- aj####jpjuiywq.in/
- tp####nxunnirx.in/
- af####umxdsynl.cc/
- ry####jhhdjbwn.tw/
- hd####jfyeumcg.cc/
- lt####qrwqgihq.tw/
- cp####tpjtqhbb.net/
- ye####hobeesdj.net/
- rg####cmgrhijx.com/
- vk####ckawfvyf.in/
- jx####cribckcb.com/
- ru####svlqdxht.net/
- lv####iijhebtq.com/
- px####uocfdhua.in/
- fv####swqyxqpw.in/
- wy####puyhhtnm.cc/
- uo####oktmoujn.tw/
- gy####xpdyjlka.tw/
- kl####cmoanrqq.tw/
- lj####fiqcpakv.net/
- ug####wvbercvx.com/
- im####dwmgouma.com/
- ff####mmwpdcql.in/
- ep####tycxwroi.cc/
- kl####qgsuqugp.in/
- uv####ntxtfnqx.com/
- lf####xvmobevb.in/
- jh####ysjxykpe.cc/
- rt####ynasfejr.cc/
- cb####nmhehtpv.tw/
- jn####auphpuvu.net/
- fb####rvfxbuar.tw/
- lk####eybvyxyk.net/
- aa####ckfumfhf.com/
- si####nywpufum.com/
- vg####rqpcafyx.in/
- cd####epukuabu.cc/
- ut####iuslnapl.in/
- tg####sysciggp.com/
- vl####puuditbu.in/
- eo####bdtewfdp.cc/
- ho####jlwevhav.cc/
- kq####twctrcwi.tw/
- so####gmlgvgdi.net/
- au####jepirhpc.net/
- tc####mvlnvgik.net/
- wf####ldxdkimq.com/
- iu####ackstduk.in/
- xd####immcbbyb.in/
- dg####onyqxgep.cc/
- ec####itbvsqcw.tw/
- cg####deltdfao.cc/
- rj####qqpaqtmu.in/
- kq####ifcmslmy.cc/
- bf####rtpcfyqb.tw/
- lu####nlrnjlkq.tw/
- fo####dxuuhwmv.net/
- fh####ghfjvfri.com/
- nn####aqiussay.net/
- tr####wfticukv.com/
- ek####phvenngl.in/
- gd####xwmnvcew.in/
- av####ttogpdhh.cc/
- lv####bgqccglj.tw/
- lp####dfojknuk.cc/
- nx####sqpgplwe.in/
- ap####bfuivxxe.cc/
- sr####xebaffhv.tw/
- lw####ixshjaig.tw/
- kg####hlryfyoe.net/
- mk####cpohadtl.com/
- kk####rwcevfes.com/
- dy####nbcikfeb.in/
- qs####lbawfsfy.cc/
- vo####roxqouiw.tw/
- at####mwqmfqav.tw/
- fi####ycsbfnum.net/
- we####eesfeukd.com/
- xv####bnobebqs.net/
- dl####wfuvxedk.tw/
- aw####qlipdead.net/
- nf####khiokgnp.com/
- nq####eikwqkup.com/
- su####ykhykrjo.in/
- gw####ppdukokx.cc/
UDP:
- DNS ASK bk####aejarpim.in
- DNS ASK ul####mnudvwbl.cc
- DNS ASK ck####mdwrvobp.tw
- DNS ASK dd####lubmchrq.tw
- DNS ASK dw####iaafkevp.net
- DNS ASK ga####ersqjrwm.com
- DNS ASK hm####thkidmru.net
- DNS ASK sl####hsnblykd.tw
- DNS ASK ou####xtoetfid.net
- DNS ASK io####cnkfrslf.net
- DNS ASK yy####sppgtpei.com
- DNS ASK ov####twtdgcpv.in
- DNS ASK ts####maclffxe.cc
- DNS ASK qy####nvtqwefc.cc
- DNS ASK jy####sdfnorsd.cc
- DNS ASK gb####gupmlane.tw
- DNS ASK md####fcrlkdhp.net
- DNS ASK rs####wgnnubgn.net
- DNS ASK am####xdljbyco.com
- DNS ASK yf####kguyqidv.in
- DNS ASK gy####sdoiaqvd.com
- DNS ASK gr####euipovfp.net
- DNS ASK fo####vxheaqwg.com
- DNS ASK aj####jpjuiywq.in
- DNS ASK tp####nxunnirx.in
- DNS ASK af####umxdsynl.cc
- DNS ASK ry####jhhdjbwn.tw
- DNS ASK hd####jfyeumcg.cc
- DNS ASK lt####qrwqgihq.tw
- DNS ASK cp####tpjtqhbb.net
- DNS ASK ye####hobeesdj.net
- DNS ASK rg####cmgrhijx.com
- DNS ASK vk####ckawfvyf.in
- DNS ASK jx####cribckcb.com
- DNS ASK ru####svlqdxht.net
- DNS ASK lv####iijhebtq.com
- DNS ASK px####uocfdhua.in
- DNS ASK fv####swqyxqpw.in
- DNS ASK wy####puyhhtnm.cc
- DNS ASK uo####oktmoujn.tw
- DNS ASK gy####xpdyjlka.tw
- DNS ASK kl####cmoanrqq.tw
- DNS ASK lj####fiqcpakv.net
- DNS ASK ug####wvbercvx.com
- DNS ASK im####dwmgouma.com
- DNS ASK ff####mmwpdcql.in
- DNS ASK ep####tycxwroi.cc
- DNS ASK kl####qgsuqugp.in
- DNS ASK uv####ntxtfnqx.com
- DNS ASK lf####xvmobevb.in
- DNS ASK jh####ysjxykpe.cc
- DNS ASK rt####ynasfejr.cc
- DNS ASK cb####nmhehtpv.tw
- DNS ASK jn####auphpuvu.net
- DNS ASK fb####rvfxbuar.tw
- DNS ASK lk####eybvyxyk.net
- DNS ASK aa####ckfumfhf.com
- DNS ASK si####nywpufum.com
- DNS ASK vg####rqpcafyx.in
- DNS ASK cd####epukuabu.cc
- DNS ASK ut####iuslnapl.in
- DNS ASK tg####sysciggp.com
- DNS ASK vl####puuditbu.in
- DNS ASK eo####bdtewfdp.cc
- DNS ASK ho####jlwevhav.cc
- DNS ASK kq####twctrcwi.tw
- DNS ASK so####gmlgvgdi.net
- DNS ASK au####jepirhpc.net
- DNS ASK tc####mvlnvgik.net
- DNS ASK wf####ldxdkimq.com
- DNS ASK iu####ackstduk.in
- DNS ASK xd####immcbbyb.in
- DNS ASK dg####onyqxgep.cc
- DNS ASK ec####itbvsqcw.tw
- DNS ASK cg####deltdfao.cc
- DNS ASK rj####qqpaqtmu.in
- DNS ASK kq####ifcmslmy.cc
- DNS ASK bf####rtpcfyqb.tw
- DNS ASK lu####nlrnjlkq.tw
- DNS ASK fo####dxuuhwmv.net
- DNS ASK fh####ghfjvfri.com
- DNS ASK nn####aqiussay.net
- DNS ASK tr####wfticukv.com
- DNS ASK ek####phvenngl.in
- DNS ASK gd####xwmnvcew.in
- DNS ASK av####ttogpdhh.cc
- DNS ASK lv####bgqccglj.tw
- DNS ASK lp####dfojknuk.cc
- DNS ASK nx####sqpgplwe.in
- DNS ASK ap####bfuivxxe.cc
- DNS ASK sr####xebaffhv.tw
- DNS ASK lw####ixshjaig.tw
- DNS ASK kg####hlryfyoe.net
- DNS ASK mk####cpohadtl.com
- DNS ASK kk####rwcevfes.com
- DNS ASK dy####nbcikfeb.in
- DNS ASK qs####lbawfsfy.cc
- DNS ASK vo####roxqouiw.tw
- DNS ASK at####mwqmfqav.tw
- DNS ASK fi####ycsbfnum.net
- DNS ASK we####eesfeukd.com
- DNS ASK xv####bnobebqs.net
- DNS ASK dl####wfuvxedk.tw
- DNS ASK aw####qlipdead.net
- DNS ASK nf####khiokgnp.com
- DNS ASK nq####eikwqkup.com
- DNS ASK su####ykhykrjo.in
- DNS ASK gw####ppdukokx.cc
